mirror of
https://github.com/coder/coder.git
synced 2025-07-03 16:13:58 +00:00
chore: Merge more rbac files (#6927)
* chore: Merge more rbac files - Remove cache.go -> authz.go - Remove query.go -> authz.go - Remove role.go -> roles.go * Order imports * fmt
This commit is contained in:
Steven Masley
GitHub
@ -2,12 +2,14 @@ package rbac_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/coder/coder/coderd/coderdtest"
|
||||
"github.com/coder/coder/coderd/rbac"
|
||||
)
|
||||
|
||||
@ -233,3 +235,105 @@ func benchmarkSetup(orgs []uuid.UUID, users []uuid.UUID, size int, opts ...func(
|
||||
|
||||
return objectList
|
||||
}
|
||||
|
||||
// BenchmarkCacher benchmarks the performance of the cacher with a given
|
||||
// cache size. The expected cache size in prod will usually be 1-2. In Filter
|
||||
// cases it can get as high as 10.
|
||||
func BenchmarkCacher(b *testing.B) {
|
||||
b.ResetTimer()
|
||||
// Size of the cache.
|
||||
sizes := []int{1, 10, 100, 1000}
|
||||
for _, size := range sizes {
|
||||
b.Run(fmt.Sprintf("Size%d", size), func(b *testing.B) {
|
||||
ctx := rbac.WithCacheCtx(context.Background())
|
||||
authz := rbac.Cacher(&coderdtest.FakeAuthorizer{AlwaysReturn: nil})
|
||||
for i := 0; i < size; i++ {
|
||||
// Preload the cache of a given size
|
||||
subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
}
|
||||
|
||||
// Cache is loaded as a slice, so this cache hit is always the last element.
|
||||
subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
b.ResetTimer()
|
||||
for i := 0; i < b.N; i++ {
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestCacher(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("EmptyCacheCtx", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := context.Background()
|
||||
rec := &coderdtest.RecordingAuthorizer{
|
||||
Wrapped: &coderdtest.FakeAuthorizer{AlwaysReturn: nil},
|
||||
}
|
||||
authz := rbac.Cacher(rec)
|
||||
subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
|
||||
// Two identical calls
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
|
||||
// Yields two calls to the wrapped Authorizer
|
||||
rec.AssertActor(t, subj, rec.Pair(action, obj), rec.Pair(action, obj))
|
||||
require.NoError(t, rec.AllAsserted(), "all assertions should have been made")
|
||||
})
|
||||
|
||||
t.Run("CacheCtx", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := rbac.WithCacheCtx(context.Background())
|
||||
rec := &coderdtest.RecordingAuthorizer{
|
||||
Wrapped: &coderdtest.FakeAuthorizer{AlwaysReturn: nil},
|
||||
}
|
||||
authz := rbac.Cacher(rec)
|
||||
subj, obj, action := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
|
||||
// Two identical calls
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
_ = authz.Authorize(ctx, subj, action, obj)
|
||||
|
||||
// Yields only 1 call to the wrapped Authorizer for that subject
|
||||
rec.AssertActor(t, subj, rec.Pair(action, obj))
|
||||
require.NoError(t, rec.AllAsserted(), "all assertions should have been made")
|
||||
})
|
||||
|
||||
t.Run("MultipleSubjects", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx := rbac.WithCacheCtx(context.Background())
|
||||
rec := &coderdtest.RecordingAuthorizer{
|
||||
Wrapped: &coderdtest.FakeAuthorizer{AlwaysReturn: nil},
|
||||
}
|
||||
authz := rbac.Cacher(rec)
|
||||
subj1, obj1, action1 := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
|
||||
// Two identical calls
|
||||
_ = authz.Authorize(ctx, subj1, action1, obj1)
|
||||
_ = authz.Authorize(ctx, subj1, action1, obj1)
|
||||
|
||||
// Extra unique calls
|
||||
var pairs []coderdtest.ActionObjectPair
|
||||
subj2, obj2, action2 := coderdtest.RandomRBACSubject(), coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
_ = authz.Authorize(ctx, subj2, action2, obj2)
|
||||
pairs = append(pairs, rec.Pair(action2, obj2))
|
||||
|
||||
obj3, action3 := coderdtest.RandomRBACObject(), coderdtest.RandomRBACAction()
|
||||
_ = authz.Authorize(ctx, subj2, action3, obj3)
|
||||
pairs = append(pairs, rec.Pair(action3, obj3))
|
||||
|
||||
// Extra identical call after some unique calls
|
||||
_ = authz.Authorize(ctx, subj1, action1, obj1)
|
||||
|
||||
// Yields 3 calls, 1 for the first subject, 2 for the unique subjects
|
||||
rec.AssertActor(t, subj1, rec.Pair(action1, obj1))
|
||||
rec.AssertActor(t, subj2, pairs...)
|
||||
require.NoError(t, rec.AllAsserted(), "all assertions should have been made")
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user